[Samba] Windows Explorer file creation on SAMBA share assigns unexpected permissions

Bret Goodfellow Bret.Goodfellow at questar.com
Tue Sep 8 22:30:32 UTC 2015 

I have created a Samba file share on my linux distribution.  Everything appears OK with the SAMBA share (from a Windows client point of view), but the permissions on any newly created file (not folders) have some additional entries.  So here is the structure of the share:

Share name: gluster-gvol7_smb
Owners are:
  Linux Dudes (CORP\Linux Dudes)
  Domain Admins (CORP\Domain Admins)

CREATING FOLDERS WORKS AS EXPECTED - see below:
================================
>From the Windows client using Windows Explorer, I can create a "FOLDER" in the Samba Share.  When I display the "Security Properties" of the newly created folder, I see that inheritance has worked as expected.  I see that the Owners are:
  Linux Dudes (Corp\Linux Dudes)
  Domain Admins (CORP\Domain Admins)

Here is the ACL information of the newly created FOLDER:
[root at server ]# getfacl folder1
# file: folder1
# owner: root
# group: root
user::rwx
group::---
group:linux\040dudes:rwx
group:domain\040admins:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:linux\040dudes:rwx
default:group:domain\040admins:rwx
default:mask::rwx
default:other::---

CREATING FILES DOES NOT WORK AS EXPECTED - see below:     !!! this is the problem !!!
==============================================
>From the Windows client using Windows Explorer, I can create a "FILE" in the Samba Share.  When I display the "Security Properties" of the newly created file, I see that inheritance has 3 additional groups/users.  I see the owners are:

Everyone                                                                                  <== NOT EXPECTED
root (UNIX User\root)                                                          <== NOT EXPECTED
root (UNIX Group \root)                                                       <== NOT EXPECTED
Linux Dudes (CORP\Linux Dudes)
Domain Admins (CORP\Domain Admins)

Here is the ACL information from the newly created FILE:
[root at server ]# getfacl file1.txt
# file: file1.txt
# owner: root
# group: root
user::rwx
group::---
group:linux\040dudes:rwx
group:domain\040admins:rwx
mask::rwx
other::---

Observation:  why does FILE creation have 3 additional groups/users associated with it (total of 5), but the FOLDER creation only has 2 as expected?  My Windows admins say that the additional IDs associated with the file are not correct, and should not happen.  Any ideas?

More information about the samba mailing list